OSN MARCH 19, 2021

Fortify Security Team
Mar 19, 2021

Title: Russian Pleads Guilty to Tesla Hacking and Extortion Attempt
Date Published: March 19, 2021


Excerpt: “Russian national Egor Igorevich Kriuchkov has pleaded guilty to recruiting a Tesla employee to plant malware designed to steal data within the network of Tesla’s Nevada Gigafactory. His end goal was to extort the company using the sensitive information stolen from Tesla’s servers as leverage to convince the company to pay a ransom to avoid having the data leaked. To convince the company’s employee to act as an insider for his criminal gang, Kriuchkov told him that he would be paid $1,000,000 worth of bitcoins after the malware got deployed on the company’s network, according to court documents.”

Title: New Windows 10 Emergency Updates Fix Remaining Printing Issues
Date Published: March 19, 2021


Excerpt: “Microsoft has released the Windows 10 KB5001649 emergency update to fix printing issues plaguing users since the March 2021 Patch Tuesday updates. On March 9th, Microsoft released their March 2021 Patch Tuesday security updates and cumulative updates for Windows. Windows 10 would crash when printing with an “APC_INDEX_MISMATCH for win32kfull.sys” error or printed pages would have missing graphics, black bars, or blank pages.”

Title: CISA and FBI Warn of Ongoing Trickbot Attacks
Date Published: March 19, 2021


Excerpt: “CISA and FBI are aware of recent attacks that use phishing emails, claiming to contain proof of a traffic violation, to steal sensitive information. The phishing emails contain links that redirect to a website hosted on a compromised server that prompts the victim to click on photo proof of their traffic violation,” continues the report. “In clicking the photo, the victim unknowingly downloads a malicious JavaScript file that, when opened, automatically communicates with the malicious actor’s command and control (C2) server to download TrickBot to the victim’s system.”

Title: ESET Exposes Malware Disguised as Clubhouse App
Date Published: March 19, 2021


Excerpt: “Revealing its findings in a blog post, the cybersecurity firm said the Trojan malware aims to steal users’ login information for a variety of online services. Disguised as an Android version of the audio chat app (which does not currently exist), it is capable of taking credentials for over 450 apps and is also able to bypass SMS-based two factor authentication (2FA).”

Title: PlayStation 5 Contest Scam
Date Published: March 19, 2021


Excerpt: “The page ramps up the phishing pressure, saying you’re one of ten lucky visitors who can win the coveted console this week, but you have to act in the next minute and 18 seconds — just enough time to complete the short survey and enter the drawing. This, of course, is another example of a pretty effective phishing tactic: Ramp up the pressure with an artificial time constraint and people will panic and rush instead of slowing down to apply critical thinking.”

Title: Microsoft Defender Adds Automatic Exchange ProxyLogon Mitigation
Date Published: March 19, 2021


Excerpt: “The Microsoft Defender automatic protection from active attacks targeting unpatched Exchange servers works by breaking the attack chain. It automatically mitigates CVE-2021-26855 via a URL Rewrite configuration and scans the servers for changes made by previous attacks, automatically reversing them. “With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed,” Microsoft added.”

Title: REvil Ransomware Has a New ‘Windows Safe Mode’ Encryption Mode
Date Published: March 19, 2021


Excerpt: “The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files. Windows Safe Mode is a special startup mode that allows users to run administrative and diagnostic tasks on the operating system. This mode only loads the bare minimum of software and drivers required for the operating system to work. Furthermore, any programs installed in Windows that are configured to start automatically will not start in Safe Mode unless their autorun is configured a certain way.”
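The excerpt above says autorun entries survive into Safe Mode only when “configured a certain way”. The two pieces a responder can check for are documented Windows behaviour rather than anything the article spells out: a Run/RunOnce value whose name begins with an asterisk is executed in Safe Mode as well as in a normal boot, and a machine can only be forced to reboot into Safe Mode if the boot configuration data carries a safeboot setting. The script below is an added example written for this digest, not code from the article or from the REvil analysis; it assumes it runs locally with administrative rights and reports both indicators.

```powershell
# Added example (not from the article): hunt for Safe Mode persistence on a Windows host.
# Assumptions: run locally, as an administrator, on a host you are investigating.
# Documented Windows behaviour relied on here:
#   - a Run/RunOnce value whose NAME starts with "*" is also executed in Safe Mode;
#   - "bcdedit /set {current} safeboot ..." makes the next reboot start in Safe Mode.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$findings = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
        if ($p.Name -like 'PS*') { continue }
        if ($p.Name.StartsWith('*')) {
            $findings += [pscustomobject]@{
                Source = $key
                Name   = $p.Name
                Value  = $p.Value
                Reason = 'Autorun value name prefixed with "*" also runs in Safe Mode'
            }
        }
    }
}

# Any tooling that wants the machine to come back up in Safe Mode must set this in the BCD.
$bcd = & bcdedit /enum '{current}' 2>$null
$safeboot = $bcd | Where-Object { $_ -match '^\s*safeboot\s+' }
if ($safeboot) {
    $findings += [pscustomobject]@{
        Source = 'bcdedit {current}'
        Name   = ($safeboot -join ' ').Trim()
        Value  = ''
        Reason = 'Boot entry is configured to start in Safe Mode on the next reboot'
    }
}

if ($findings.Count -eq 0) {
    'No Safe Mode autorun or safeboot BCD setting found.'
} else {
    $findings | Format-Table -AutoSize
}
```

A safeboot entry on a server that nobody scheduled for diagnostics is worth treating as an incident indicator on its own; once the host is contained it can be cleared with `bcdedit /deletevalue {current} safeboot`, and the asterisk-prefixed value should be captured (name, data, timestamp of the key) before it is removed.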

Title: New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
Date Published: March 18, 2021


Excerpt: “This year has brought two disturbing new trends into prominence: the targeting of developers and the use of supply chain attacks to infect broad swaths of customers. Targeting software developers is the first step in a successful supply chain attack. One way to do so is to abuse the very development tools necessary to carry out this work. In Jan 2021, Google TAG announced their discovery of a North Korean campaign targeting security researchers and exploit developers. One of the methods of infection entailed the sharing of a Visual Studio project designed to load a malicious DLL. In this post, we discuss a similar attack targeting Apple developers through malicious Xcode projects.”

Title: Mysterious Bug Is Deleting Microsoft Teams, SharePoint Files
Date Published: March 18, 2021


Excerpt: “Microsoft later confirmed that the outage was caused by a configuration issue in their Azure Active Directory service. Since Tuesday, BleepingComputer has spoken to numerous Microsoft SharePoint administrators bombarded with client calls about missing files in their SharePoint folders. When the admins look into the issue, they find the SharePoint folder structure to be intact, but all of the files are missing. Eventually, they find that the files have been deleted and are now located in SharePoint’s cloud recycle bin, or in some cases, a local PC’s Recycle Bin.”

Title: FBI: Business Email Compromise Cost $1.8B in 2020
Date Published: March 18, 2021


Excerpt: “Officials report BEC scams have evolved since 2013, when these attacks typically spoofed email accounts of chief executive officers or chief financial officers and requested wire payments. The scams have since evolved to compromise personal emails and vendor emails. In 2020, the IC3 saw more BEC complaints detail identity theft and funds being converted into cryptocurrency. In the latest BEC attacks, a victim is targeted with a different type of scam: extortion, tech support, or romance scams, among others. The victim provides an attacker with a form of identification, which is then used to create a bank account and receive stolen BEC funds that are later transferred into a cryptocurrency account.”
